Written by Luke

Fast event log search in PowerShell with the FilterHashtable parameter

XML structure view of an event

In my last post, I showed you how to display and find specific events with the Get-WinEvent cmdlet. Whereas you can filter event messages easily with the Where-Object cmdlet, using the Data key from the FilterHashtable parameter is much faster.

Contents of this article
– Measuring the speed difference
– Raw data structure of an event
– Displaying only events for a specific account
– Displaying only events for a specific IP address and a specific port

Read more from my guest article at 4SysOps…

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s